Stealing Tesla cars using Raspberry Pi

A group of researchers from COSIC, a Belgian research group, have managed to calculate the secret key of a Tesla Model S key fob using a Raspberry Pi 3B+ in under 2 seconds. In detail, Tesla key fobs use Texas Instruments' DST40 cipher. A Tesla car using this cipher broadcasts a radio message containing its unique vehicle identifier. When the key fob is in range it responds to that message, initiating the cryptographic flow.

The Tesla sends a 40-bit challenge message, to which the key fob replies with a 24-bit response. The key fob has a 40-bit secret key burnt into its circuitry. The DST40 handshake takes the 40-bit challenge and the 40-bit secret key and produces the 24-bit response. Since 24 bits is not long enough (only 2^24 possible responses), for a single 40-bit challenge many different 40-bit secret keys will produce the same 24-bit response.

The researchers realised that they could pick a single 40-bit challenge value and record which 40-bit secret keys produce which 24-bit responses. The resulting data structure was 5.4 TB. Indexed by the 24-bit response, this massive database of 40-bit secret keys and responses could be searched very quickly. With it, a single 24-bit response narrows the 40-bit secret key down to just 2^16 possible keys.
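The counting argument above (a 40-bit key space, a 24-bit response space, so 2^40 / 2^24 = 2^16 keys share each response, and a second challenge is needed to disambiguate) is easy to check at toy scale. The following is an added example, not code from the original post or from the COSIC researchers, and it does not implement DST40: a keyed BLAKE2b truncated to a few bits stands in for the cipher, with the key, challenge and response sizes scaled down (16/16/8 bits instead of 40/40/24) so the full table fits in memory. All sizes, the `toy_response` function and the sample key and challenge values are constructed for this illustration. The point for a designer is that a response shorter than the key always leaves this ambiguity, and at 40-bit key length the whole key space is cheap to enumerate once.

```python
"""Toy model of the key-space / response-space mismatch in a DST40-style handshake.

NOT DST40. A keyed BLAKE2b truncated to RESP_BITS stands in for the cipher so
that the counting argument in the text can be verified directly at small sizes.
"""
import hashlib
from collections import defaultdict

KEY_BITS = 16    # constructed toy size (the real fob key: 40 bits)
CHAL_BITS = 16   # constructed toy size (real challenge: 40 bits)
RESP_BITS = 8    # constructed toy size (real response: 24 bits)


def toy_response(key: int, challenge: int) -> int:
    """Stand-in keyed function: (key, challenge) -> RESP_BITS-bit response."""
    digest = hashlib.blake2b(
        challenge.to_bytes(8, "big"),
        key=key.to_bytes(8, "big"),
        digest_size=4,
    ).digest()
    return int.from_bytes(digest, "big") & ((1 << RESP_BITS) - 1)


def build_table(fixed_challenge: int) -> dict:
    """For one fixed challenge, index every possible key by the response it gives.

    At real sizes this is the 2^40-entry structure the text describes; here it
    has 2^KEY_BITS entries, grouped under at most 2^RESP_BITS responses.
    """
    table = defaultdict(list)
    for key in range(1 << KEY_BITS):
        table[toy_response(key, fixed_challenge)].append(key)
    return dict(table)


def expected_candidates_per_response() -> int:
    """Average number of keys sharing one response: 2^(KEY_BITS - RESP_BITS)."""
    return 1 << (KEY_BITS - RESP_BITS)


def candidates_after_one_response(table: dict, response: int) -> list:
    """Keys still possible once a single (fixed-challenge) response is known."""
    return table.get(response, [])


def narrow_with_second_challenge(candidates: list, challenge2: int, response2: int) -> list:
    """Keep only candidates consistent with a second, independent challenge.

    Each wrong candidate survives with probability 2^-RESP_BITS, so the expected
    number of false survivors is 2^(KEY_BITS - 2*RESP_BITS); at the real sizes
    that is 2^(40 - 48) < 1, which is why two handshakes suffice.
    """
    return [k for k in candidates if toy_response(k, challenge2) == response2]


def real_table_size_bytes() -> int:
    """Storage for the real-size table: 2^40 keys at 5 bytes (40 bits) each."""
    return (1 << 40) * 5   # about 5.5e12 bytes, consistent with the 5.4 TB figure


if __name__ == "__main__":
    secret = 0xBEEF                     # constructed toy secret key
    fixed_chal, second_chal = 0x1234, 0x5678   # constructed challenges
    table = build_table(fixed_chal)
    cands = candidates_after_one_response(table, toy_response(secret, fixed_chal))
    print(f"after one response: {len(cands)} candidates "
          f"(expected about {expected_candidates_per_response()})")
    survivors = narrow_with_second_challenge(cands, second_chal,
                                             toy_response(secret, second_chal))
    print(f"after a second challenge: {len(survivors)} candidates, true key present: {secret in survivors}")
```

Running it shows roughly 256 candidates after the first response and one or two after the second, mirroring the 2^16 figure in the text and the two-handshake procedure in the next paragraph.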

See the demo below for the exploit in action:

Trying to open the car's door triggers a DST40 handshake attempt, which gives up the car's unique ID. With this ID, they then get close enough to the key fob to perform two handshake attempts: the first with the pre-computed challenge, and the second with a random challenge. This requires less than two seconds of proximity to the target key fob. About 4.5 seconds of computation later, the attacker has a cloned key fob and is able to drive the vehicle away.